Security

Both physical and cyber-security aspects are important to take into account when operating a critical system. Some actions you may take to ensure your system’s security:

  • Limit physical access
  • Limit software access
  • Share details of the system with only those who need it
  • Monitor your system

Physical security

Physical security is the first line of defence in keeping any PNT system safe; firstly by preventing criminals from destroying, stealing or manipulating these often expensive hardware components, secondly by also preventing non-experts from accidentally harming the setup (like unplugging a receiver or turning off the data processing computer). By making sure the hardware is behind locked doors, and potentially even adding security cameras, the safety of your system will be much increased.

Some actions to ensure physical security:

  • Lock the equipment room
  • Protect data storage/back-up location
  • Monitor your hardware, for instance by installing security cameras

Data security

Besides physical protection, the data coming from the receiver (and the processing software) must also be protected, especially if this data (timing or position) is the basis on which critical decisions are made. Only qualified and trusted people should have access to the computer interfacing with the PNT system, to prevent malicious or unwitting interference with this sensitive information.

Besides the access, the integrity of the data itself needs to be monitored. Recently the Galileo constellation introduced the concept of OSNMA, which is a method used to authenticate GNSS signals. This is a step towards making sure that the GNSS signals which are used to compute PNT are trustworthy, and the position/timing information used in critical applications can be trusted.  Another similar development is  GALILEO Public Regulated Service (PRS), which provides position and timing information restricted to government-authorised users, for sensitive applications which require a high level of service continuity. 

A PNT system may use other external data sources besides GNSS signals, such as timing information from the internet or corrections to make the PNT information more precise. To make sure the received file is authentic, and not modified by a third party, your system can compute checksums and compare these with the checksums of the original files. This is something a sophisticated software fetching said information might do automatically, but it’s another aspect of working with third party information that has to be considered. If you are sure that all information the system receives is authentic, there is still always the possibility of errors in the data, or gaps that have to be handled accordingly.

If your PNT system contains data storage, which could serve as memory for the system storing previous PNT information, you must make sure this is properly protected, backed up, and potentially errors are backward corrected.

Some actions to ensure information security:

  • Only allow trusted personnel to access the computer receiving and processing the position/timing data
  • Consult cybersecurity expert(s) on the security of your system
  • Check the authenticity of external messages where possible:
  • Compute checksums for information (like corrections) arriving through the internet
  • Use OSNMA to authenticate GNSS signals where possible
  • Search for additional integrity measures to use (for instance enable advanced settings in the receiver, RAIM, ARAIM)
  • If data is stored in the system, protect its location and make back-ups

Monitor the system; use anomaly detection methods and flag irregularities